Dear Team,
I would need your help on understanding what to do next after the combofix report I got (recently detected with Malewarebyte Antimalware some malwares, 2 of them stayed. This lead me to download combofix)
After performing combofix scan, I activated Avast and Zone Alarm. Thank you in advance, here is the report:
ComboFix 12-12-02.01 - Kind 03/12/2012 17:26:02.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.33.1033.18.4095.2223 [GMT 1:00]
Lancé depuis: c:\users\Kind\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPly.xpi
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyTune.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\program files (x86)\kikin
c:\program files (x86)\kikin\default_settings.xml
c:\program files (x86)\kikin\file_list.txt
c:\program files (x86)\kikin\ie_kikin.dll
c:\program files (x86)\kikin\KikinBroker.exe
c:\program files (x86)\kikin\KikinCrashReporter.exe
c:\program files (x86)\kikin\uninst.exe
c:\users\Kind\AppData\Local\uninstall.tmp
c:\users\Kind\AppData\Roaming\kikin
c:\users\Kind\AppData\Roaming\kikin\ff_kkes.xml
c:\users\Kind\AppData\Roaming\kikin\ie_configuration.xml
c:\users\Kind\AppData\Roaming\kikin\ie_kkes.xml
c:\users\Kind\AppData\Roaming\kikin\ie_settings.xml
c:\users\Kind\AppData\Roaming\kikin\kikin_updater_2.9.1.exe
c:\users\Kind\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-11-03 au 2012-12-03 ))))))))))))))))))))))))))))))))))))
.
.
2012-12-03 16:42 . 2012-12-03 16:42 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-12-03 16:42 . 2012-12-03 16:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-03 10:43 . 2012-12-03 10:43 -------- d-----w- c:\users\Kind\AppData\Roaming\CheckPoint
2012-12-03 10:42 . 2012-12-03 10:42 -------- d-----w- c:\program files\CheckPoint
2012-12-03 10:41 . 2012-11-15 20:06 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-12-03 10:41 . 2012-11-15 20:06 611160 ----a-w- c:\windows\system32\drivers\klif.sys
2012-12-03 10:23 . 2012-12-03 10:23 -------- d-----w- c:\program files (x86)\Check Point Software Technologies LTD
2012-12-03 10:16 . 2012-12-03 10:40 -------- d-----w- c:\program files (x86)\CheckPoint
2012-12-03 10:16 . 2012-12-03 10:16 -------- d-----w- c:\programdata\CheckPoint
2012-12-02 23:46 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-12-02 23:45 . 2012-12-02 23:45 -------- d-----w- c:\programdata\AVAST Software
2012-12-02 23:45 . 2012-12-02 23:45 -------- d-----w- c:\program files\AVAST Software
2012-12-02 23:25 . 2012-12-02 23:25 -------- d-----w- c:\users\Kind\AppData\Roaming\Malwarebytes
2012-12-02 23:25 . 2012-12-02 23:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-02 23:25 . 2012-12-02 23:25 -------- d-----w- c:\programdata\Malwarebytes
2012-12-02 23:25 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-02 23:20 . 2012-12-02 23:20 -------- d-----w- c:\program files\CCleaner
2012-12-02 23:20 . 2012-12-02 23:20 -------- d-----w- c:\programdata\Browser Manager
2012-12-02 23:19 . 2012-12-02 23:19 -------- d-----w- c:\program files (x86)\BabylonToolbar
2012-12-02 23:18 . 2012-10-30 09:34 816608 ----a-w- c:\program files (x86)\Mozilla Firefox\sqlite3.dll
2012-12-02 23:18 . 2012-12-03 12:16 -------- d-----w- c:\users\Kind\AppData\Local\Lollipop
2012-12-02 23:18 . 2012-12-02 23:18 -------- d-----w- c:\program files (x86)\Vittalia
2012-12-02 21:21 . 2012-12-03 10:09 -------- d-----w- c:\programdata\9A07752DD07C192900009A06DB2B1D51
2012-11-20 23:16 . 2012-11-20 23:16 -------- d-----w- c:\program files (x86)\Euromonitor International
2012-11-20 23:11 . 2009-07-22 08:17 78872 ----a-w- c:\windows\system32\perf-SQLAgent$EURODESK-sqlagtctr10.1.2531.0.dll
2012-11-20 23:11 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$EURODESK-sqlagtctr10.1.2531.0.dll
2012-11-20 23:11 . 2009-07-22 08:17 79896 ----a-w- c:\windows\SysWow64\perf-MSSQL$EURODESK-sqlctr10.1.2531.0.dll
2012-11-20 23:11 . 2009-07-22 08:17 111640 ----a-w- c:\windows\system32\perf-MSSQL$EURODESK-sqlctr10.1.2531.0.dll
2012-11-20 23:10 . 2012-11-20 23:10 -------- d-----w- c:\windows\system32\RsFx
2012-11-20 23:09 . 2012-11-20 23:09 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-11-20 23:09 . 2012-11-20 23:09 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-11-20 23:09 . 2012-11-20 23:09 -------- d-----w- c:\windows\system32\1033
2012-11-20 23:09 . 2012-11-20 23:09 -------- d-----w- c:\windows\SysWow64\1033
2012-11-20 23:09 . 2012-11-20 23:09 -------- d-----w- c:\program files\Microsoft.NET
2012-11-20 23:07 . 2012-11-20 23:14 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-11-20 23:07 . 2012-11-20 23:14 -------- d-----w- c:\program files\Microsoft SQL Server
2012-11-20 22:51 . 2012-11-20 22:51 -------- d-----w- c:\program files (x86)\SAP BusinessObjects
2012-11-14 23:47 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 23:47 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 23:47 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-14 23:47 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 23:36 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 23:36 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 23:36 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 23:36 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 23:36 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 23:36 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 23:36 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-01 14:39 . 2010-02-05 16:05 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-11-30 11:08 . 2010-01-17 09:10 899184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-11-30 10:57 . 2010-05-18 21:19 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-11-22 09:44 . 2010-01-16 09:16 899184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-11-22 09:43 . 2010-05-21 18:50 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-11-20 09:59 . 2010-01-16 09:15 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-11-14 23:37 . 2010-01-14 22:11 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-01 14:31 . 2012-11-01 14:31 450136 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2012-10-16 08:38 . 2012-11-28 09:45 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 09:45 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 09:45 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-08 22:23 . 2012-09-12 13:44 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 22:23 . 2012-02-02 22:40 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-14 19:19 . 2012-10-10 12:15 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 12:15 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{19803860-b306-423c-bbb5-f60a7d82cde5}"= "c:\program files (x86)\WiseConvert_1.5\prxtbWise.dll" [2011-05-09 176936]
"{cfcb809c-3a22-4616-a916-6c007bd9d920}"= "c:\program files (x86)\FileConverter_1.5\prxtbFile.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{19803860-b306-423c-bbb5-f60a7d82cde5}]
.
[HKEY_CLASSES_ROOT\clsid\{cfcb809c-3a22-4616-a916-6c007bd9d920}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2012-09-04 06:15 343296 ----a-w- c:\progra~2\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{19803860-b306-423c-bbb5-f60a7d82cde5}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\WiseConvert_1.5\prxtbWise.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
2012-02-27 08:42 88976 ----a-w- c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]
2012-10-15 02:10 832720 ----a-w- c:\progra~2\REBATE~1\RebateI.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{cfcb809c-3a22-4616-a916-6c007bd9d920}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\FileConverter_1.5\prxtbFile.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
2012-03-06 22:50 2627984 ----a-w- c:\program files (x86)\Bandoo\Plugins\IE\ieplugin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"= "c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll" [2012-02-27 88976]
"{19803860-b306-423c-bbb5-f60a7d82cde5}"= "c:\program files (x86)\WiseConvert_1.5\prxtbWise.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
"{cfcb809c-3a22-4616-a916-6c007bd9d920}"= "c:\program files (x86)\FileConverter_1.5\prxtbFile.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}]
.
[HKEY_CLASSES_ROOT\clsid\{19803860-b306-423c-bbb5-f60a7d82cde5}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{cfcb809c-3a22-4616-a916-6c007bd9d920}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"HW_OPENEYE_OUC_Zain Broadband"="c:\program files (x86)\Zain Broadband\UpdateDog\ouc.exe" [2011-05-03 218624]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-24 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MDS_Menu"="c:\program files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"UpdatePDRShortCut"="c:\program files (x86)\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-08-15 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"InboxToolbar"="c:\program files (x86)\Inbox Toolbar\Inbox.exe" [2012-10-16 1679584]
"SiteRanker"="c:\program files (x86)\SiteRanker\SiteRankTray.exe" [2012-09-04 320000]
"PCPowerSpeed"="c:\program files (x86)\PCPowerSpeed\PCPowerTray.exe" [2012-10-12 385696]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-11-19 73392]
.
c:\users\Kind\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kind\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-10-18 26643352]
Outil de détection de support PMB.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-1-3 327680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2009-10-24 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2009-10-24 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll c:\progra~2\Bandoo\BndHook.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
2009-06-24 19:30 272952 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2009-10-23 23:41 3054136 ----a-w- c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 02:52 104936 ----a-w- c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
.
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-15 359552]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*Deregistered* - avipbb
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contenu du dossier 'Tâches planifiées'
.
2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-12 22:23]
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 21:44]
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 21:44]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624619819-968816689-3696027871-1001Core.job
- c:\users\Kind\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-09 20:55]
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1624619819-968816689-3696027871-1001UA.job
- c:\users\Kind\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-09 20:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-02 16330272]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\x64\IEBHO.dll
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN115809523469453-1001&toolbarId=base&affiliateId=1001&Lan=fr&utid=9a021929000000000000001e646c8ad9
mDefault_Page_URL = hxxp://fr.yahoo.com
mStart Page = hxxp://home.sweetim.com/?crg=3.26010003&st=12&barid={5920CF87-0453-4081-AEF4-63DA411599DC}
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
TCP: DhcpNameServer = 192.168.250.2
TCP: Interfaces\{03DD06A3-22C2-45B4-83DB-D79CE92C9B30}: NameServer = 80.90.160.35 80.90.160.40
TCP: Interfaces\{8F7F48B5-74C9-48CA-ABB2-F7E591E6FADD}: NameServer = 80.90.160.35 80.90.160.40
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\progra~2\REBATE~1\RebateI.dll
FF - ProfilePath - c:\users\Kind\AppData\Roaming\Mozilla\Firefox\Profiles\e4dyl716.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Inbox Recherche
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=115299&tt=4812_3&babsrc=HP_ss&mntrId=9a021929000000000000001e646c8ad9
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&q=
FF - ExtSQL: 2012-10-17 13:02;
[email protected]; c:\users\Kind\AppData\Roaming\Mozilla\Firefox\Profiles\e4dyl716.default\extensions\
[email protected]FF - ExtSQL: 2012-10-17 13:05;
[email protected]; c:\program files (x86)\SiteRanker\firefox
FF - ExtSQL: 2012-10-17 13:05;
[email protected]; c:\users\Kind\AppData\Roaming\Mozilla\Firefox\Profiles\e4dyl716.default\extensions\
[email protected]FF - ExtSQL: 2012-10-26 22:49; {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}; c:\users\Kind\AppData\Roaming\Mozilla\Firefox\Profiles\e4dyl716.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
FF - ExtSQL: 2012-11-09 23:56; {ED76C299-85BC-4891-9237-74A140C28832}; c:\program files (x86)\RebateInformer\Firefox
FF - ExtSQL: 2012-12-03 00:20;
[email protected]; c:\users\Kind\AppData\Roaming\Mozilla\Firefox\Profiles\e4dyl716.default\extensions\
[email protected]FF - ExtSQL: 2012-12-03 00:20; {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}; c:\users\Kind\AppData\Roaming\Mozilla\Firefox\Profiles\e4dyl716.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - ExtSQL: 2012-12-03 00:20; {58bd07eb-0ee0-4df0-8121-dc9b693373df}; c:\programdata\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF - ExtSQL: 2012-12-03 00:46;
[email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
user_pref('extensions.dealply.partner', 'vita');
user_pref('extensions.dealply.channel', 'vitatelechargers');
user_pref('extensions.dealply.installId', 'v24300289787058427499942012120300184526');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '6');
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=9a021929000000000000001e646c8ad9&q=
FF - user.js: extensions.BabylonToolbar.id - 9a021929000000000000001e646c8ad9
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15676
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.80:19
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - irhnew
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN115809523469453-1001&toolbarId=base&affiliateId=1001&Lan=fr&utid=9a021929000000000000001e646c8ad9
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN115809523469453-1001&toolbarId=base&affiliateId=1001&Lan=fr&utid=9a021929000000000000001e646c8ad9&q={searchTerms}
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN115809523469453-1001&toolbarId=base&affiliateId=1001&Lan=fr&utid=9a021929000000000000001e646c8ad9
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN115809523469453-1001&toolbarId=base&affiliateId=1001&Lan={dfltLng}&utid=9a021929000000000000001e646c8ad9&q=
FF - user.js: extensions.zonealarm.id - 9a021929000000000000001e646c8ad9
FF - user.js: extensions.zonealarm.instlDay - 15677
FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.411:23
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN115809523469453-1001
FF - user.js: extensions.zonealarm.dfltLng - fr
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - (no file)
BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files (x86)\DealPly\DealPlyIE.dll
BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
Toolbar-Locked - (no file)
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
MSConfigStartUp-ASUS Camera ScreenSaver - c:\windows\AsScrProlog.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{19803860-B306-423C-BBB5-F60A7D82CDE5} - (no file)
WebBrowser-{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - (no file)
WebBrowser-{CFCB809C-3A22-4616-A916-6C007BD9D920} - (no file)
HKLM-Run-ISW - (no file)
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - c:\program files (x86)\kikin\uninst.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2012-12-03 17:49:39
ComboFix-quarantined-files.txt 2012-12-03 16:49
.
Avant-CF: 68 918 906 880 bytes free
Après-CF: 68 751 335 424 bytes free
.
- - End Of File - - B96C22AEA339105547D6CFBF8BBA4B9F